Re: [PATCH 4/4] binfmt_elf: Elf executable signature verification

From: Vivek Goyal
Date: Wed Mar 20 2013 - 12:00:06 EST

On Tue, Mar 19, 2013 at 10:39:01AM -0400, Mimi Zohar wrote:

> Lastly, adding 'VM_LOCKED' here seems to change existing, expected
> behavior. According to the mlock(2) man pages, "Memory locks are not
> inherited by a child created via fork(2) and are automatically removed
> (unlocked) during an execve(2) or when the process terminates." Someone
> else needs to comment on this sort of change. Andrew? Al?

I think removing locks during execve() makes sense. New executable will
get its own locked memory and it is not dependent on memory areas locked
before execve().

fork() is more interesting though. I guess we could just reset the
"signed" bit of forked process. So it does not inherit it from parent. And
when forked process does exec() it will lock its own memory areas and
get "signed" bit if signatuer verification was successful.

So looks like exeisting memory lock behavior on fork()/execve() will be

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at